init: Implement fallback for DHCP servers without Rapid Commit

mtjhrc · mtjhrc · commit bae9cc7aa6bb · 2026-03-23T18:32:30.000+01:00
When a server answers DHCPDISCOVER with DHCPOFFER instead of an immediate ACK,
send DHCPREQUEST for the and wait for the final ACK.

This makes DHCP work on macOS hosts when using gvproxy for networking.

Signed-off-by: Matej Hrica &lt;mhrica@redhat.com&gt;
diff --git a/init/dhcp.c b/init/dhcp.c
@@ -25,6 +25,8 @@
 #include <unistd.h>
 
 #define DHCP_BUFFER_SIZE 576
+#define DHCP_MSG_OFFER 2
+#define DHCP_MSG_ACK   5
 
 /* Helper function to send netlink message */
 static int nl_send(int sock, struct nlmsghdr *nlh)
@@ -254,6 +256,127 @@ static unsigned char count_leading_ones(uint32_t val)
     return count;
 }
 
+/* Return the DHCP message type (option 53) from a response, or 0 */
+static unsigned char get_dhcp_msg_type(const unsigned char *response,
+                                       ssize_t len)
+{
+    /* Walk DHCP options (TLV chain starting after the magic cookie) */
+    size_t p = 240;
+    while (p < (size_t)len) {
+        unsigned char opt = response[p];
+
+        if (opt == 0xff) /* end */
+            break;
+        if (opt == 0) { /* padding */
+            p++;
+            continue;
+        }
+
+        unsigned char opt_len = response[p + 1];
+        p += 2;
+
+        if (p + opt_len > (size_t)len)
+            break;
+        if (opt == 53 && opt_len >= 1) /* Message Type */
+            return response[p];
+
+        p += opt_len;
+    }
+    return 0;
+}
+
+/* Parse a DHCP ACK and configure the interface. Returns 0 or -1 on error. */
+static int handle_dhcp_ack(int nl_sock, int iface_index,
+                           const unsigned char *response, ssize_t len)
+{
+    /* Parse DHCP response */
+    struct in_addr addr;
+    /* yiaddr is at offset 16-19 in network byte order */
+    memcpy(&addr.s_addr, &response[16], sizeof(addr.s_addr));
+
+    struct in_addr netmask = {.s_addr = INADDR_ANY};
+    struct in_addr router = {.s_addr = INADDR_ANY};
+    /* Clamp MTU to passt's limit */
+    uint16_t mtu = 65520;
+
+    FILE *resolv = fopen("/etc/resolv.conf", "w");
+    if (!resolv) {
+        perror("Failed to open /etc/resolv.conf");
+    }
+
+    /* Parse DHCP options (start at offset 240 after magic cookie) */
+    size_t p = 240;
+    while (p < (size_t)len) {
+        unsigned char opt = response[p];
+
+        if (opt == 0xff) {
+            /* Option 255: End (of options) */
+            break;
+        }
+
+        if (opt == 0) { /* Padding */
+            p++;
+            continue;
+        }
+
+        unsigned char opt_len = response[p + 1];
+        p += 2; /* Length doesn't include code and length field itself */
+
+        if (p + opt_len > (size_t)len) {
+            /* Malformed packet, option length exceeds packet boundary */
+            break;
+        }
+
+        if (opt == 1) {
+            /* Option 1: Subnet Mask */
+            memcpy(&netmask.s_addr, &response[p], sizeof(netmask.s_addr));
+        } else if (opt == 3) {
+            /* Option 3: Router */
+            memcpy(&router.s_addr, &response[p], sizeof(router.s_addr));
+        } else if (opt == 6) {
+            /* Option 6: Domain Name Server */
+            if (resolv) {
+                for (int dns_p = p; dns_p + 3 < p + opt_len; dns_p += 4) {
+                    fprintf(resolv, "nameserver %d.%d.%d.%d\n",
+                            response[dns_p], response[dns_p + 1],
+                            response[dns_p + 2], response[dns_p + 3]);
+                }
+            }
+        } else if (opt == 26) {
+            /* Option 26: Interface MTU */
+            mtu = (response[p] << 8) | response[p + 1];
+
+            /* We don't know yet if IPv6 is available: don't go below 1280 B
+             */
+            if (mtu < 1280)
+                mtu = 1280;
+            if (mtu > 65520)
+                mtu = 65520;
+        }
+
+        p += opt_len;
+    }
+
+    if (resolv) {
+        fclose(resolv);
+    }
+
+    /* Calculate prefix length from netmask */
+    unsigned char prefix_len = count_leading_ones(ntohl(netmask.s_addr));
+
+    if (mod_addr4(nl_sock, iface_index, RTM_NEWADDR, addr, prefix_len) != 0) {
+        printf("couldn't add the address provided by the DHCP server\n");
+        return -1;
+    }
+    if (mod_route4(nl_sock, iface_index, RTM_NEWROUTE, router) != 0) {
+        printf(
+            "couldn't add the default route provided by the DHCP server\n");
+        return -1;
+    }
+    set_mtu(nl_sock, iface_index, mtu);
+    return 0;
+}
+
 /* Send DISCOVER with Rapid Commit, process ACK, configure address and route */
 int do_dhcp(const char *iface)
 {
@@ -376,105 +499,84 @@ int do_dhcp(const char *iface)
         goto cleanup;
     }
 
-    /* Get and process response (DHCPACK) if any */
+    /* Get response: DHCPACK (Rapid Commit) or DHCPOFFER */
     struct sockaddr_in from_addr;
     socklen_t from_len = sizeof(from_addr);
     ssize_t len = recvfrom(sock, response, sizeof(response), 0,
                            (struct sockaddr *)&from_addr, &from_len);
 
-    close(sock);
-    sock = -1;
-
-    if (len > 0) {
-        /* Parse DHCP response */
-        struct in_addr addr;
-        /* yiaddr is at offset 16-19 in network byte order */
-        memcpy(&addr.s_addr, &response[16], sizeof(addr.s_addr));
-
-        struct in_addr netmask = {.s_addr = INADDR_ANY};
-        struct in_addr router = {.s_addr = INADDR_ANY};
-        /* Clamp MTU to passt's limit */
-        uint16_t mtu = 65520;
-
-        FILE *resolv = fopen("/etc/resolv.conf", "w");
-        if (!resolv) {
-            perror("Failed to open /etc/resolv.conf");
-        }
-
-        /* Parse DHCP options (start at offset 240 after magic cookie) */
-        size_t p = 240;
-        while (p < (size_t)len) {
-            unsigned char opt = response[p];
-
-            if (opt == 0xff) {
-                /* Option 255: End (of options) */
-                break;
-            }
-
-            if (opt == 0) { /* Padding */
-                p++;
-                continue;
-            }
-
-            unsigned char opt_len = response[p + 1];
-            p += 2; /* Length doesn't include code and length field itself */
-
-            if (p + opt_len > (size_t)len) {
-                /* Malformed packet, option length exceeds packet boundary */
-                break;
-            }
+    if (len <= 0)
+        goto done; /* No DHCP response — not an error, VM may be IPv6-only */
 
-            if (opt == 1) {
-                /* Option 1: Subnet Mask */
-                memcpy(&netmask.s_addr, &response[p], sizeof(netmask.s_addr));
-            } else if (opt == 3) {
-                /* Option 3: Router */
-                memcpy(&router.s_addr, &response[p], sizeof(router.s_addr));
-            } else if (opt == 6) {
-                /* Option 6: Domain Name Server */
-                if (resolv) {
-                    for (int dns_p = p; dns_p + 3 < p + opt_len; dns_p += 4) {
-                        fprintf(resolv, "nameserver %d.%d.%d.%d\n",
-                                response[dns_p], response[dns_p + 1],
-                                response[dns_p + 2], response[dns_p + 3]);
-                    }
-                }
-            } else if (opt == 26) {
-                /* Option 26: Interface MTU */
-                mtu = (response[p] << 8) | response[p + 1];
-
-                /* We don't know yet if IPv6 is available: don't go below 1280 B
-                 */
-                if (mtu < 1280)
-                    mtu = 1280;
-                if (mtu > 65520)
-                    mtu = 65520;
-            }
+    unsigned char msg_type = get_dhcp_msg_type(response, len);
 
-            p += opt_len;
+    if (msg_type == DHCP_MSG_ACK) {
+        /* Rapid Commit — server sent ACK directly */
+        close(sock);
+        sock = -1;
+        if (handle_dhcp_ack(nl_sock, iface_index, response, len) != 0)
+            goto cleanup;
+    } else if (msg_type == DHCP_MSG_OFFER) {
+        /*
+         * DHCPOFFER — complete the 4-way handshake by sending DHCPREQUEST
+         * and waiting for DHCPACK. Servers without Rapid Commit (e.g.
+         * gvproxy) require this.
+         */
+        struct in_addr offered_addr;
+        memcpy(&offered_addr.s_addr, &response[16],
+               sizeof(offered_addr.s_addr));
+
+        /* Build DHCPREQUEST */
+        memset(request.options, 0, sizeof(request.options));
+        opt_offset = 0;
+
+        /* Option 53: DHCP Message Type = REQUEST (3) */
+        request.options[opt_offset++] = 53;
+        request.options[opt_offset++] = 1;
+        request.options[opt_offset++] = 3;
+
+        /* Option 50: Requested IP Address */
+        request.options[opt_offset++] = 50;
+        request.options[opt_offset++] = 4;
+        memcpy(&request.options[opt_offset], &offered_addr.s_addr, 4);
+        opt_offset += 4;
+
+        /* Option 54: Server Identifier (from_addr) */
+        request.options[opt_offset++] = 54;
+        request.options[opt_offset++] = 4;
+        memcpy(&request.options[opt_offset], &from_addr.sin_addr.s_addr, 4);
+        opt_offset += 4;
+
+        /* Option 255: End */
+        request.options[opt_offset++] = 0xff;
+
+        if (sendto(sock, &request, sizeof(request), 0,
+                   (struct sockaddr *)&dest_addr, sizeof(dest_addr)) < 0) {
+            perror("sendto DHCPREQUEST failed");
+            goto cleanup;
         }
 
-        if (resolv) {
-            fclose(resolv);
-        }
+        from_len = sizeof(from_addr);
+        len = recvfrom(sock, response, sizeof(response), 0,
+                       (struct sockaddr *)&from_addr, &from_len);
 
-        /* Calculate prefix length from netmask */
-        unsigned char prefix_len = count_leading_ones(ntohl(netmask.s_addr));
+        close(sock);
+        sock = -1;
 
-        if (mod_addr4(nl_sock, iface_index, RTM_NEWADDR, addr, prefix_len) != 0) {
-            printf("couldn't add the address provided by the DHCP server\n");
+        if (len <= 0) {
+            printf("no DHCPACK received\n");
             goto cleanup;
         }
-        if (mod_route4(nl_sock, iface_index, RTM_NEWROUTE, router) != 0) {
-            printf(
-                "couldn't add the default route provided by the DHCP server\n");
+
+        if (handle_dhcp_ack(nl_sock, iface_index, response, len) != 0)
             goto cleanup;
-        }
-        set_mtu(nl_sock, iface_index, mtu);
+    } else {
+        printf("unexpected DHCP message type %d\n", msg_type);
+        goto cleanup;
     }
 
+done:
     ret = 0;
-
 cleanup:
     if (sock >= 0) {
         close(sock);
